In June 2024, the crypto community was shocked after a Chinese trader's Binance account was hacked, losing $1 million. The attack, made possible by the malicious Aggr plugin on Chrome, reveals the risks faced by crypto holders. Binance is criticized for its lack of responsiveness and transparency.
Crypto: An unexpected scam with serious consequences
On May 24, trader CryptoNakamao noticed suspicious movements on his Binance account. When he checks the price of Bitcoin, it is too late: the hacker has already carried out numerous exchanges before emptying the funds.
The victim then understands that the Aggr plugin installed on Chrome was a Trojan horse stealing browsing data and cookies. The hackers were thus able to hijack the active session of the crypto trader without a password or two-factor authentication.
Sophisticated hacking techniques
This attack shows the creativity of hackers to bypass security measures and steal Bitcoins and other cryptos. Here, they used the stolen cookies to cross-trade, placing simultaneous buy and sell orders on an illiquid pair.
Concretely, they bought a lot of tokens in USDT, placed excessively priced sell orders on BTC, USDC pairs, etc. Then they used leverage to inflate prices and pocket profits, without leaving a trace on the blockchain.
Binance's inaction singled out
The trader claims that Binance knew about this fraudulent plugin for a while, without acting to protect crypto users. Despite unusual volumes and complaints from the victim, the platform did not react in time.
For CryptoNakamao, Binance failed by not alerting its community and not quickly freezing suspicious funds. This reflects crypto users' concerns about the security and transparency of large centralized exchanges.
This case reminds us that despite progress, the crypto ecosystem remains risky. As digital assets attract more investors, platforms like Binance must strengthen their anti-fraud and protection systems. Everyone must also be aware of the dangers and adopt good cybersecurity reflexes to protect their crypto assets. Because in this digital Wild West, a simple plugin can empty an account.
Maximize your Tremplin.io experience with our 'Read to Earn' program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
Click here to join 'Read to Earn' and turn your passion for crypto into rewards!
